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DETAILED ACTION 



01 . This action is in response to Applicants amendment filed on August 07, 2006. 
Claims 1-21 are pending in the present application. This action is made FINAL, as 
necessitated by amendment. 



Claim Rejections - 35 USC § 103 

02. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 



03. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: . 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or 
nonobviousness. 

04. Claims 1 - 3, 5 - 10, 12 - 17, and 19 - 21 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over ASP Alliance (Introduction to Validating User Input in Web 
Forms, December 29, 2003) in view of PBDR (SQL String Validation, June 24, 2003). 
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Consider claim 1, ASP Alliance clearly shows a method for using validation 
controls (read as query signatures to provide security for a database), comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the page 
framework passes the user's entry to the appropriate validation control or controls (read 
as parsing the query to determine a signature for the query, wherein the signature 
specifies a structure based on operations for the query and is independent of the value 
of literals in the query) (page 1 lines 21-22). The validation controls test the user's input 
and set a property to indicate whether the entry passed the test (read .as determining if 
the signature is located in a signature cache, which contains signature for valid queries) 
(page 1 lines 22-23). And would test the state of the validation controls before updating 
a data record with information entered by the user. If you detect an invalid state, you 
bypass the update (read as if so, processing the query) (page 1 lines 27-29). However, 
ASP Alliance does not specifically disclose that the signature is an SQL signature. 

PBDR clearly shows that a query signature coded in ASP can be done through 
an SQL string (read as the signature is constructed from structured query language 
[SQL] keywords of the query) (page 1 lines 1 - 4, 33 - 34). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the SQL string validation method taught by PBDR 
into the query string validation method taught by ASP Alliance for the purpose of 
allowing string validation procedures to work for multiple operating environments. 
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Consider claim 2, and as applied to claim 1 above, ASP Alliance clearly shows 
a method such that if any validation checks fail (read as if the signature is not in the 
signature cache) (page 1 line 29), you skip all your own processing (read as the method 
further comprises triggering a mismatch alert) (page 1 lines 29-30). 

Consider claim 3, and as applied to claim 2 above, ASP Alliance clearly shows 
a method such that validation controls that detected errors then produce an error 
message that appears on the page (read as the mismatch alert throws an error) (page 1 
lines 30-31). 

Consider claim 5, and as applied to claim 2 above, ASP Alliance clearly shows 
a method such that if any validation checks fail, you skip all your own processing and 
the page is returned to the user (read as the mismatch alert is sent to a requesting 
applications, thereby allowing the requesting application to take action) (page 1 lines 
29-30). 

Consider claim 6, and as applied to claim 1 above, ASP Alliance clearly shows 
a method such that when the user submits a form to the server, the validation controls 
are invoked to review the user's input, control by control (read as the signature cache is 
initialized by recording signatures of valid transactions during a system initialization 
operation) (page 2 lines 36-37) . 

Consider claim 7, and as applied to claim 1 above, ASP Alliance clearly shows 
a method such that if any validation checks fail (read as the signatures generates a 
mismatch alert) (page 1 line 19) you enable validation of user input by adding validation 
controls to your form as you would other server controls (read as if the query is a valid 
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query, the method further comprises allowing a database administrator to add the 
signature to the signature cache) (page 1 line 16-17). 

Consider claim 8, ASP Alliance clearly shows a. computer-readable storage 
medium storing instructions that when executed by a computer cause the computer to 
perform a method for using validation controls (read as query signatures to provide 
security for a database), comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the page 
framework passes the user's entry to the appropriate validation control or controls (read 
as parsing the query to determine a signature for the query, wherein the signature 
specifies a structure based on operations for the query and is independent of the value 
of literals in the query) (page 1 lines 21-22). The validation controls test the user's input 
and set a property to indicate whether the entry passed the test (read as determining if 
the signature is located in a signature cache, which contains signature for valid queries) 
(page 1 lines 22-23). And would test the state of the validation controls before updating 
a data record with information entered by the user. If you detect an invalid state, you 
bypass the update (read as if so, processing the query) (page 1 lines 27-29). However, 
ASP Alliance does not specifically disclose that the signature is an SQL signature. 

PBDR clearly shows that a query signature coded in ASP can be done through 
an SQL string (read as the signature is constructed from structured query language 
[SQL] keywords of the query) (page 1 lines 1 - 4, 33 - 34). 
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Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the SQL string validation computer-readable 
medium taught by PBDR into the query string validation computer-readable medium 
taught by ASP Alliance for the purpose of allowing string validation procedures to work 
for multiple operating environments. 

Consider claim 9, and as applied to claim 8 above, ASP Alliance clearly shows 
a computer-readable storage medium such that if any validation checks fail (read as if 
the signature is not in the signature cache) (page 1 line 29), you skip all your own 
processing (read as the method further comprises triggering a mismatch alert) (page 1 
lines 29-30). 

Consider claim 10, and as applied to claim 9 above, ASP Alliance clearly 
shows a computer-readable storage medium such that validation controls that detected 
errors then produce an error message that appears on the page (read as the mismatch 
alert throws an error) (page 1 lines 30-31). 

Consider claim 12, and as applied to claim 9 above, ASP Alliance clearly 
shows a computer-readable storage medium such that if any validation checks fail, you 
skip all your own processing and the page is returned to the user (read as the mismatch 
alert is sent to a requesting applications, thereby allowing the requesting application to 
take action) (page 1 lines 29-30). 

Consider claim 13, and as applied to claim 8 above, ASP Alliance clearly 
shows a computer-readable storage medium such that when the user submits a form to 
the server, the validation controls are invoked to review the user's input, control by 
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control (read as the signature cache is initialized by recording signatures of valid 
transactions during a system initialization operation) (page 2 lines 36-37). 

Consider claim 14, and as applied to claim 8 above, ASP Alliance clearly 
shows a computer-readable storage medium such that if any validation checks fail (read 
as the signatures generates a mismatch alert) (page 1 line 29) you enable validation of 
user input by adding validation controls to your form as you would other server controls 
(read as if the query is a valid query, the method further comprises allowing a database 
administrator to add the signature to the signature cache) (page 1 lines 16-17). 

Consider claim 15, ASP Alliance clearly shows an apparatus for using validation 
controls (read as query signatures to provide security for a database), comprising: 

when the user's input is being processed (for example, when the form is 
submitted) (read as receiving the query at the database) (page 1 lines 20-21), the page 
framework passes the user's entry to the appropriate validation control or controls (read 
as parsing the query to determine a signature for the query, wherein the signature 
specifies a structure based on operations for the query and is independent of the value 
of literals in the query) (page 1 lines 21-22). The validation controls test the user's input 
and set a property to indicate whether the entry passed the test (read as determining if 
the signature is located in a signature cache, which contains signature for valid queries) 
(page 1 lines 22-23). And would test the state of the validation controls before updating 
a data record with information entered by the user. If you detect an invalid state, you 
bypass the update (read as if so, processing the query) (page 1 lines 27-29). However, 
ASP Alliance does not specifically disclose that the signature is an SQL signature. 
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PBDR clearly shows that a query signature coded in ASP can be done through 
an SQL string (read as the signature is constructed from structured query language 
[SQL] keywords of the query) (page 1 lines 1 - 4, 33 - 34). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the SQL string validation apparatus taught by 
PBDR into the query string validation apparatus taught by ASP Alliance for the purpose 
of allowing string validation procedures to work for multiple operating environments. 

Consider claim 16, and as applied to claim 15 above, ASP Alliance clearly 
shows an apparatus such that if any validation checks fail (read as if the signature is not 
in the signature cache) (page 1 line 29), you skip all your own processing (read as the 
method further comprises triggering a mismatch alert) (page 1 lines 29-30). 

Consider claim 17, and as applied to claim 16 above, ASP Alliance clearly 
shows an apparatus such that validation controls that detected errors then produce an 
error message that appears on the page (read as the mismatch alert throws an error) 
(page 1 lines 30-31). 

Consider claim 19, and as applied to claim 16 above, ASP Alliance clearly 
shows an apparatus such that if any validation checks fail, you skip all your own 
processing and the page is returned to the user (read as the mismatch alert is sent to a 
requesting applications, thereby allowing the requesting application to take action) 
(page 1 lines 29-30). 

Consider claim 20, and as applied to claim 15 above, ASP Alliance clearly 
shows an apparatus such that when the user submits a form to the server, the validation 
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controls are invoked to review the user's input, control by control (read as the signature 
cache is initialized by recording signatures of valid transactions during a system 
initialization operation) (page 2 lines 36-37) . 

Consider claim 21, and as applied to claim 15 above, ASP Alliance clearly 
shows an apparatus such that if any validation checks fail (read as the signatures 
generates a mismatch alert) you enable validation of user input by adding validation 
controls to your form as you would other server controls (read as if the query is a valid 
query, the method further comprises allowing a database administrator to add the 
signature to the signature cache) (page 1, lines 29, 16-17). 

05. Claims 4, 11, and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over ASP Alliance (Introduction to Validating User Input in Web Forms, December 29, 
2003) in view of PBDR (SQL String Validation, June 24, 2003) in further view of The 
PHP Group (Error Handling and Logging Functions, November 27, 2003). 

Consider claim 4, and as applied to claim 1 above, ASP Alliance, as modified 
by PBDR, clearly show the claimed invention except for that a mismatch alert is sent to 
a database administrator. 

The PHP Group clearly shows an example of using the error handling capabilities 
to define an error handling function, which logs the information into a file and e-mails the 
developer in case a critical error in logic happens (read as the mismatch alert is sent to 
a database administrator and the query is processed) (page 7 lines 5-6). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the error handling capability taught by The PHP 
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Group into the method of using query signatures taught by ASP Alliance, as modified by 
PBDR, for the purpose of allowing an administrator to monitor errors being entered into 
the database. 

Consider claim 11, and as applied to claim 8 above, ASP Alliance, as modified 
by PBDR, clearly show the claimed invention except for that a mismatch alert is sent to 
a database administrator. 

The PHP Group clearly shows an example of using the error handling capabilities 
to define an error handling function, which logs the information into a file and e-mails the 
developer in case a critical error in logic happens (read as the mismatch alert is sent to 
a database administrator and the query is processed) (page 7 lines 5-6). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the error handling capability taught by The PHP 
Group into the use of query signatures taught by ASP Alliance, as modified by PBDR, 
for the purpose of allowing an administrator to monitor errors being entered into the 
database. 

Consider claim 18, and as applied to claim 15 above, ASP Alliance, as 
modified by PBDR, clearly show the claimed invention except for that a mismatch alert 
is sent to a database administrator. 

The PHP Group clearly shows an example of using the error handling capabilities 
to define an error handling function, which logs the information into a file and e-mails the 
developer in case a critical error in logic happens (read as the mismatch alert is sent to 
a database administrator and the query is processed) (page 7 lines 5-6). 
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Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the error handling capability taught by The PHP 
Group into the use of query signatures taught by ASP Alliance, as modified by PBDR, 
for the purpose of allowing an administrator to monitor errors being entered into the 
database. 

Response to Arguments 

06. Applicant's arguments with respect to claims 1 , 8, and 15 have been considered, 
but are moot in view of the new ground(s) of rejection. 

Conclusion 

07. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

08. Any response to this Office Action should be faxed to (571 ) 273-8300 or mailed 
to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 



Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 

09. Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Christopher Raab whose telephone number is (571) 
270-1090. The Examiner can normally be reached on Monday-Thursday from 7:30am to 
5:00pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Christian Chace can be reached on (571) 272-4190. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
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information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free) or 703-305-3028. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist/customer service whose telephone 
number is (571)272-2600. 

Christopher Raab 



C.R./cr 




October 12, 2006 




